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VERSION WITH MARKINGS TO SHOW CHANGES MADE (09/838,123) 



IN THE SPECIFICATION : 

The third paragraph beginning on page 12, line 9 has been AMENDED to read as follows: 

The present invention utilizes the basic structure of DES with a modification to the fixed 
permutation applied after the S boxes in the f function of traditional DES. Said modification enables 
the permutation P* 136 applied after the S boxes 170 to be varied under control of some of the bits 
of the cryptographic key 134. The present invention utilizes cryptographic key bits for three 
purposes. The first purpose is to furnish the 56 bits (excluding the 8 bits of parity) 138 used to create 
the 64 bits (including the 8 bits of parity) 166 that traditional DES uses to compute the elements of 
the so called key schedule ([11 8] 118 i ...ll8 ig). The second purpose is to supply cryptographic key 
bits 142 that are used to control the generation and replacement of the variable P* permutation 136. 
The third purpose is to provide a privacy means 1 50 such that encipherment of a data block 1 1 0 and 
decipherment of a cipher block 1 32 can be accomplished in private by using a secret mask 1 50 which 
determines which subset of cryptographic key bits 138 selected from the cryptographic key 134 are 
used for the DES key schedule [1 1 8] 168 and which subset of the remaining cryptographic key bits 
142 are used for the control and generation of the variable P* permutation 136. 
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The second paragraph beginning on page 13, line 1 0 has been AMENDED to read as follows: 

The steps for carrying out data encryption using the enhanced DES method according to the 
present invention is shown in Fig. 1. An input data block of 64 bits in step 1 10 is subjected to an 
initial permutation 112. The initial permutation in step 1 12 provides no cryptographic benefit but 
ensures compatibility with other implementations. That is, the initial permutation simply transposes 
bits within the input block in accordance with a table given in the conventional DES. The initially 
permutated data are then divided into a left half register block (L 0 ) 114 and a right half register block 
(R 0 ) 116 of 32-bits each. The right half register block 116 [is linearly combined with a 
derivative] and [ 1 1 8] 118 i a derivative of super keying variable (SK k) 1 34 [during an] are used 
as inputs to the f function [step] 120[, and then subjected to a] whose output 176 is bit-by-bit 
modulo-2 [additionl added 122 with the left half register block L n 1 14 . The K n [156]118 Q in the 
formula below is generated according to the DES key schedule 168 shown in Fig. 8. 
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The second paragraph beginning on page 14, line 4 has been AMENDED to read as follows: 

The output at the end of 1 6 rounds consists of a preoutput which is the concatenation of Ri g 
126 and Ljg 128. Subsequently, after in inverse initial permutation in step 130, an output block of 
64 bits [is produced in step] 132 is produced . 

The third paragraph beginning on page 14, line 7 has been AMENDED to read as follows: 

Fig. 2 shows an example of utilizing super keying variable (SK) 134 of K bits in length. In 
an example in which K= 128 bits, a mask 1 50 selects 56 bits 138 which needs to be expanded to 64 
bits with odd parity 166 for the DES key schedule 168 of Fig. 8 while the remaining K-56 bits 142 
are used for P* programming. In particular, Fig. 2 shows that the remaining K-56 bits 142 are 
selected for programming e.g., an M-sequence linear feedback shift register (LFSR) 144 which in 
turn supplies, under the control of a control module 200, bits to be used as beta-elements 182(See 
Fig. 4) in the Field Programmable Gate Array FPGA 136 which in turn implements the P* 
permutation 136. The f function 120 contains the S boxes 170 which produce a 32 bit output 
labeled (B1,B2, ...,B32) 148. These 32 bits are transposed by the P* permutation 136 resulting in 
a one-to-one transposition labeled (B1*,B2*,...,B32*) 174. 
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The fourth paragraph beginning on page 14, line 1 7 has been AMENDED to read as follows: 



The 32 bits 174 resulting from application of P* [is]are further permuted by a fixed 
one-to-one permutation P' 184 resulting in 32 output bits 176. [This] The P ' permutation would 
normally be calculated at the time of designing the embodiment and is calculated so that when the 
beta elements of the FPGA 136 are all set to a particular default condition^ which in our preferred 
embodiment is all zeros, the fixed P' permutation 184 is such that [when applied to the 
(B1*,B2*,...,B32*) resulting from applying P* with the beta elements set to all zeros to (B1,B2, 
...,B32) the result of] P*P' is [(B1* ? ,B2*\...,B32*') 176 is] equivalent to [result of] the fixed and 
defined P permutation of the traditional DES[ applied to (B1,B2, ...,B32)]. This is the feature that 
enables the present invention to have a mode that is compatible with the traditional DES. Note that 
the above referenced P permutation is identified in U.S. Patent No.: 3962539 as 600 and its values 
are specified on page 15 of [in] FIPS 46-3 as permutation function P[ on page 15]. 

The first paragraph beginning on page 15, line 8 has been AMENDED to read as follows: 

The operation of the process needed to select from the SuperKey 1 34 the DES engine sub key 
138 and the subkey 142 used to generate and or replace P* is controlled by a control module 200. 
This module [is] may also be used to control bits from a randomizer 208 [and where and how they 
are used] when the system is in the mode of generating non- [referable] reproducible and 
non-predictable output (i.e. unable to be decrypted or replicated by another party with the same 
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device and settings) for use such as in generating cryptographic keys or wherever non deterministic 
or difficult to predict information is required. 

The second paragraph beginning on page 15, line 1 5 has been AMENDED to read as follows: 

The following is an example of an application of the privacy feature of the preferred 
embodiment of the present invention. Two users of an instant messaging application over the 
internet each have an identical implementation of the applicants' improved invention. A cipher key 
(e.g. 1 28 bits)! 34 is securely supplied to each user by the messaging system. This enables the users 
to encrypt and decrypt messages to each other using the identical cipher key. However, depending 
upon the architecture and implementation of the cipher key generation and distribution system the 
messaging system operator may be able to hold a copy of the cipher key 134 allowing unauthorized 
reading of the messages sent between users. The users may wish to achieve additional privacy to 
protect against this unauthorized reading of messages. This can be accomplished using the present 
invention as follows. 

The first paragraph beginning on page 16, line 3 has been AMENDED to read as follows: 

First the users agree upon a secondary cipher key using an independent channel from that of 
the messaging service. This secondary cipher key could be another 128 bit cipher key or a mutually 
agreed upon pass phrase of enough length that it can be converted by a means such as ASCII 
representation into a binary mask 150 of 56 ones which is used to select 56 bits of sub key 138 from 
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the original cipher key 134. The bits in the original cipher key positions corresponding to the 
positions of the 56 ones in the mask become the ordered 56 bits of the sub key 138. The remaining 
ordered 72 bits of the original cipher key are used to preset a portion of an M sequence LFSR 
[142] 144 which generates bits for changing P*. The result is that the two users now have used the 
identical initial cipher key but each has modified it in the same unique way. This modification is 
as secure as the independent channel used to communicate the secondary cipher key and the means 
of selecting the secondary cipher key or pass phrase. If this secondary cipher key is in fact securely 
communicated between the two users then the users are protected against the possibility of the 
messaging service operator using a copy of the original cipher key in an unauthorized manner to read 
the messages between the two users. The situation of the messaging service operator providing 
pathological cipher keys such as all zeros or all ones can be checked for by the users' application. 

The second paragraph beginning on page 1 6, line 1 9 has been AMENDED to read as follows : 

The heart of the [crytosecurity] crvptosecuritv of the applicants 5 improved DES system resides in 
the [ function] f function 120 as shown in Fig. 3. As shown in Fig. 3, the register block (R) 1 16 is 
expanded [in step] bv E 158 to 48 bits by [simply] repeating certain bits of the register block. This 
expansion is defined by a table EJn the conventional DES. The 48-bit expanded register block 162 
is then bit-bv-bit modulo-2 added [in step] 164 with the nth element [1 18]K n of the key schedule 
168 which is derived from the expanded 64 bit sub key 166 which in turn is derived from the 56 bits 
138 selected using the mask 150 from the super keying variable (SK) 134 of 128 bits. The result of 
this operation is passed to a substitution step 1 70. The selection step 1 70 is made up of eight unique 
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substitution functions. Each of the unique substitution functions (i.e., S-boxes designated as 
S i v ? Sg) takes a 6-bit block as input and yields a 4-bit block as output. The operation of each of the 
eight S-boxes is defined by the conventional DES. 

The second paragraph beginning on page 1 7, line 1 2 has been AMENDED to read as follows: 

The dynamic permutation process (DPP) 136 using a five-stage Omega Network is shown 
in Fig. 4. The Omega network is based on a plurality of Beta switch elements 182, each of which 
has two inputs and two outputs and a one bit control. Contrary to the conventional DES permutation 
process in which the P permutation applied after the S boxes [arejis fixed and known, the 
permutation results of the DPP are dependent upon [a]the particular Beta (*) [value] values as set 
forth in each of the Beta switch element[ 182]s. Some or all of the Beta values are not known 
because they can be supplied by the cryptographic key or cryptovariable. 

The third paragraph beginning on page 18, line 16 has been AMENDED to read as follows: 

Fig. 6 illustrates the Omega Network as shown in Fig. 5 combined with the related fixed 
[fixed] permutation 184 of 32 elements. That is, by cascading the Omega network with the 
appropriate P ! permutation 1 84, the combination of the DPP followed by P' yields a permutation that 
corresponds to the original P function in the traditional DES. The permutation mapping of the P 1 
function which is defined in Table 1 is the fixed permutation which when applied after a P* 
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produced by the Omega network with Beta elements set to the default condition zero yields the P 
permutation of the traditional DES. 

The first paragraph beginning on page 20, line 3 has been AMENDED to read as follows: 

For each round of the encryption process, the permutation in each f function can be varied, 
and the variation need not by cyclic after sixteen rounds but non-repeating throughout an encryption. 
Additionally, the variation in the permutation can also [to] be a function of the extended keying 
variable. 

The third paragraph beginning on page 20, line 1 5 has been AMENDED to read as follows: 

Since the Omega network as shown in Fig. 6 requires 80 one bit controls, some of these 
controls can be set by utilizing bits from the cryptographic key that are not used in the calculation 
of the key schedule, i.e. that are not used in 138. These control bits from the keying variable would 
then be invariant over the life of that particular keying variable. The remaining controls would be 
fixed or be a function of the round of the ECB mode and a function of the round number plus [(] 16 
times the encipherment cycle number[)] . In the k-bit cipher feedback mode, the encipherment cycle 
number would be zero for the production of the first k-bits, one for the production of the second 
k-bits, and so on. Thus the round number plus 16 times the encipherment cycle number would be 

1,2,3, , 16, 17, 18, ,31,32, respectively, for the 32 rounds involved in the production of 

the first two k-bit blocks. It may also be that the bits for the Beta elements be a function not only 
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of the round number plus 1 6 times the encipherment cycle number, but also the Initialization Vector 
(IV) which in the Output Feedback mode would be 1 10 . 

The first paragraph beginning on page 21 , line 5 has been AMENDED to read as follows: 

The number of bits from the cryptographic keying variable, and the number of bits from the 
sources described above, would need to sum to 80 as this is the number of one-bit controls needed 
to set the 5 level 32 input omega network. A standard key length is 128 bits, so in the present 
invention a preferred embodiment would use 56 bits for the traditional DES key schedule and the 
remaining 72 bits as control bits for 72 Beta elements. The additional 8 bits needed to completely 
define the 80 element omega network in this example could be fixed for a particular implementation 
or use or could be variable within a cryptoperiod or from cryptoperiod to cryptoperiod. 

The third paragraph beginning on page 23, line 1 5 has been AMENDED to read as follows: 

Additionally, a network referred to as the Benes- Waksman network, which is realizable with 
Beta elements for all of the 32! permutations, can also be used in the present invention as an 
alternative arrangement for the permutation network. The Benes-Waksman network [is 
unique] differs from the Omega network in the sense that every stage is not identical in its connection 
to every other stage. However, it is also understandably more complex than the omega network 
considered above. 
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ABSTRACT OF THE DISCLOSURE 



The abstract has been AMENDED to read as follows: 

An enhanced cryptographic system of high security for a [referable] ciphering of a block of 
data bits under control of a cryptographic key [or] mid for generating a [non referable ciphering] one 
way transformation of a block of data bits with said cryptographic system being based upon the 
traditional DES but utilizing a variable permutation [or linear transformation] after the S box 
substitution function. Said variable permutation is able to be realized in an FPGA implementing 
the variable permutation via a switching network such as an Omega or Bennes-Waksman network 
with the switching network control elements under control of the cryptographic key and with an 
electable mode compatible with the traditional single DES and TDEA and their various modes and 
with a further capability for a privacy mode within a set of holders of common cryptographic key via 
a sub key selection mask. A method and process for efficient interruption and resumption of the 
cryptographic operation are also described. 

Q:\FLOATERS\TEB\teb\00\000505\Supplementa1 Preliminary Amendment 
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